Business Intelligence has changed the way we drive commerce. Better informed decisions are delivering
critical competitive advantages in virtually every sector of enterprise. Executive judgement and analytical
skills have therefore never been as important to a business’s success.
It’s no small wonder then that executives want more access to their data — not just from the office but at
home via a laptop, or even on a mobile device such as the Apple Watch. In 2015, this has given rise to
the emergence of mobile business intelligence apps in the cloud, which is a great innovation. However, with the
increasing sophistication of cybercrime, there is an increasing security risk that sensitive confidential
information and monetary assets could be the target of hackers.
In recent years hackers have increased the frequency and effectiveness of their attacks by finding and
exploiting the application vulnerabilities within the app code to get at the underlying data. For example, they
can manipulate applications to steal or tamper with information by using techniques such as SQL injection
or cross-site request forgery.
New application delivery models and platforms (such as cloud and mobile) and technologies (such as
mobile app programming languages and frameworks) inherently pose new security risks. The application
security technologies and processes have not been developed or matured for them. But the pressure to
push more and more sensitive information to be available on demand will only grow in the next few years.
Enterprises therefore need to protect their information — be it financial or perhaps personal information in
the case of HR professionals. They can only do this by implementing a comprehensive, life cycle approach
to application security and by increasing their investment into security penetration testing. We at Experior
have seen a growing awareness of the amount of sensitive data that is now being viewed and used outside
of the office walls — but there’s still a lot of ignorance on the topic.
Business leaders need to be asking their IT provider the right questions: How do we stop someone
outside of the company from accessing the information on mobile? If it’s in the cloud and being called down to a
mobile app, what’s stopping them?
Fortunately, there are application security testing (AST) products (such as those offered by HP, IBM and
Veracode) that are used to analyse apps and test applications for weaknesses and can be delivered as a tool
or as part of a service. Mobile AST products enable the testing of mobile application security by testing
web services interfaces and analysing the application behaviour statically and dynamically to identify the
security risks. Security testing will point to the application functions that do not follow the enterprise
security rules, such as those governing the sharing of corporate information to external locations.
This is an important first step in the battle to make increasingly valuable data available whenever and
wherever it is needed. But there is a long way to go before business intelligence applications for the
enterprise will carry the security promise of a consumer banking application. This is a challenge that is not
going to go away — as more and more data is going mobile. This means the CTO and CISO must start
thinking mobile too. As the perimeter of information expands, so must the security measures they take —
from the application’s conception through to its continued use when it goes live.